Lab 6 Execute and Analyze Web Application Security Scan


Now that you understand Web Application vulnerabilities and how to find them manually, we are 
going to look at how AppScan can be used to automate the detection of vulnerabilities within a 
web application. 


In this lab we are going to use AppScan to perform a vulnerability assessment against the demo 
application, demo.testfire.net. 


You will see how the tool can locate the defects within the web application, how to interpret the
results, how to add defects to ClearQuest, and how to generate reports appropriate for the intended
audience.


After completing this lab you will understand the value of using an automated tool to
perform a vulnerability assessment.


In this lab you will play the role of a QA tester testing a web application for security issues.


Lab Overview
• 6.1: Set up Web Application Scan
• 6.2: AppScan GUI Layout
• 6.3: Review Scan Results
• 6.4: Generate Defect
• 6.5: Perform Remediation
• 6.6: Create Summary Report


6.1 Set up Web Application Scan

__1. Start AppScan

__a. Double-click the AppScan shortcut on the desktop.

__2. Configure Scan

__a. Select Create New Scan.

__b. Select Default under Predefined Templates.





[Screenshot: Welcome to AppScan dialog. Left: Create New Scan, Recent Scans (DemoScan, demo.testfire.net). Right: AppScan's Knowledge On-Demand, Download Extensions, Quick Start Guide. Checkbox: Display this screen when AppScan launches.]

Predefined Templates

A scan template is simply a scan configuration that has been
saved so that you can use it for future scans.

• The Default scan template can be used to run a scan without
changing any of its configurations (however, you must at least set
the Starting URL for the scan).

• You can use one of the supplied Predefined Templates designed
for testing AppScan on specific test sites.

• You can create one or more custom User-Defined Templates,
each configured for your own specific requirements.


[Screenshot: Recent Templates (demo.testfire.net, Browse...) and Predefined Templates (demo.testfire.net, Hacme Bank, WebGoat v4). Checkbox: Launch Scan Configuration Wizard. Buttons: Help, Cancel.]
__c. Select the Web Application Scan radio button and select Next button


[Screenshot: Scan Configuration Wizard, "Welcome to the Configuration Wizard. The Configuration Wizard will help you configure a new scan based on the scan template: Default. Select the type of scan you wish to perform:" Web Application Scan / Web Service Scan.]





Web Service Scan

AppScan can also be used to automate the testing of Web
Services. Web Services are also prone to application-level
vulnerabilities and as such should also be tested.

For Web Services the integrated Watchfire PowerTool, "Web
Services Explorer," creates a simple interface that displays the
individual services available and lets you input parameters and
view the results. This process is "recorded" by AppScan and used
to create tests for the service.


__d. Enter the Web site to scan: http://demo.testfire.net (the screenshots show the same demo application under its www.altoromutual.com name) and select Next button


[Screenshot: Scan Configuration Wizard, Application Settings - Step 1/3, "Indicate the URL where the scan should start". Starting URL: http://www.altoromutual.com. "To set additional servers and domains, or other advanced application settings, click Advanced." Buttons: Back, Next, Cancel.]








Advanced Options

The Advanced Options allow you to configure additional settings
used by AppScan for the vulnerability assessment, specific to the
application or environment being tested.
__e. Select the Automatic Login radio button, enter User Name: jsmith, Password: Demo1234,
Confirm Password: Demo1234, and select Next button


[Screenshot: Scan Configuration Wizard, Application Login - Step 2/3, "Select the login method that you wish AppScan to use whenever login is required." Options: Recorded Login (recommended method; select this option for Two-Factor Authentication, One-Time Passwords, CAPTCHA), Automatic Login (User Name, Password, Confirm Password), No Login.]





Application Login 
This section is used for form based authentication 


Recorded Login lets you teach AppScan the procedure for
logging in to your site: which links to click, which text to input in
forms, and the order in which to do them.

Automatic Login will take the userid and password entered on
this screen and reuse them whenever prompted for them.


No Login is used when the application does not use form based 
authentication or require authentication. 


Note: AppScan also supports NTLM, HTTP, client side 
certificates and two factor authentication. 
__f. Keep the default Test Policy and select Next button


[Screenshot: Scan Configuration Wizard, Test Policy - Step 3/3, "Select which tests will run against your application". Test policy: Default (Load..., Edit...). "This policy includes all tests except invasive and port listener tests." Advanced Test Settings...]





Policy File Types

Test Policies can be configured to meet your objectives.
AppScan comes with the following pre-configured policies:

• Default Policy - All tests will be executed except
invasive tests (tests which might affect the server's
stability) and Port Listener tests (an out-of-band
method to test for SQL injection)

• Infrastructure Only Policy - Runs only the infrastructure
tests from the Default Policy

• Application Only Policy - Runs only the application tests
from the Default Policy

• Invasive Tests - Includes all invasive tests (tests which
might affect the server's stability)

• Complete - Includes all AppScan tests

• Web Services - Includes all SOAP related tests except
invasive and port listener tests

• The Vital Few - Includes a selection of tests that have a
high probability of success. This can be useful for
evaluating a site when time is limited.
__g. Select the Start a full automatic scan radio button and select Finish button

[Screenshot: Completing the Configuration Wizard. "You have successfully completed the Scan Configuration Wizard. How do you want to start?" Options: Start a full automatic scan (selected), Start with automatic Explore only, Start with Manual Explore, I will start the scan later.]

Completing the Configuration Wizard

Start a full automatic scan - Automatically explores the
application starting at the Starting URL selected in step
1 of the wizard and then goes directly into the testing
phase.

Start with automatic Explore - Automatically explores
the application starting at the Starting URL selected in
step 1 of the wizard. Once the explore is finished you
can then review what was found before going on to the
testing phase.

Start with Manual Explore - AppScan will open its
embedded browser and allow you to access the web
application. AppScan watches where you go and uses
this information to determine its testing. This is
useful when you only want to test a portion of your site,
or want to make sure AppScan follows a flow.

I will start the scan later allows you to configure the
scan and then schedule it to run unattended.
__h. If the Auto Save window appears, select Yes button

[Screenshot: Auto Save dialog. "The scan needs to be saved now because AppScan is set to 'Automatically save during scan'. Would you like to save the scan now?" Options to disable 'Automatically save during scan' for this scan or for future scans.]
6.2 AppScan GUI Layout

The AppScan main screen contains a menu bar, toolbar and View Selector, and three data panes:
Application Tree, Results List and Detail Pane. The figure below shows the main screen populated
with data following a scan (before a scan the three data panes are empty).


[Screenshot: AppScan main screen after the scan, with labelled regions: A - View Selector (Security Issues, Remediation Tasks, Application Data), B - Application Tree, C - Results List (Security Issues, 159 variants, for 'My Application'), D - Detail Pane showing Severity, Type and WASC Threat Classification for the selected issue.]

A - The View Selector - Click one of the three buttons to select the type of data
displayed in the three panes.

a. The Security Issues view - Shows the actual issues discovered, from overview level
down to individual requests/responses.

b. The Remediation Tasks view - Provides a To Do list of specific remediation tasks to
fix the issues that were found during the scan.

c. The Application Data view - Shows script parameters, interactive URLs, visited
URLs, broken links, filtered URLs, comments, JavaScripts and cookies from the
Explore stage.

B - Application Tree

As AppScan gathers the results of the scan it populates the Application Tree; at
the end of the scan the tree shows all folders, URLs and files that AppScan
found in your application.

C - Results List

Shows relevant results for the selected node in the Application Tree.

D - Detail Pane

Shows relevant details for the selected item in the Results List, in three tabs: Advisory, Fix
Recommendation, and full Request/Response.
6.3 Review Scan Results

__3. Review a specific security issue

We are now going to review the security issues which AppScan detected during the
vulnerability assessment. In particular we will examine the Cross-Site Scripting issue that
was discovered on the uid parameter of the login page.


__a. In the Security Issues list, select the Cross-Site Scripting issue and expand it by clicking the + sign


[Screenshot: Security Issues (159 variants) for 'My Application':
ASP.NET Forms Authentication Bypass [1]
Blind SQL Injection [4]
    http://www.altoromutual.com/bank/customize.aspx [1]
    http://www.altoromutual.com/bank/login.aspx [1]
    http://www.altoromutual.com/comment.aspx [1]
    http://www.altoromutual.com/search.aspx [1]
HTTP Response Splitting [1]
Login Page SQL Injection [2]
Microsoft ASP.NET Cross-Site Scripting [3]
Poison Null Byte Files Retrieval [1]
Predictable Login Credentials [1]
SQL Injection [5]
Path Injection [1]
Cookie Poisoning SQL Injection [1]]


__b. Select the line http://www.altoromutual.com/bank/login.aspx

__c. Expand the line by selecting the + sign

[Screenshot:
Cross-Site Scripting [4]
    http://www.altoromutual.com/bank/customize.aspx [1]
    http://www.altoromutual.com/comment.aspx [1]
    http://www.altoromutual.com/search.aspx [1]
    http://www.altoromutual.com/bank/login.aspx [1]
        uid]
__d. Resize the issue detail pane to make more of the issue information visible

[Screenshot: Security Issues list with Cross-Site Scripting > http://www.altoromutual.com/bank/login.aspx selected; the detail pane below shows Severity: High, Type: Application-level test, WASC Threat Classification: Client-side Attacks, CVE Reference(s), Security Risk and Possible Causes.]

__e. Review the Advisory tab information

[Screenshot: Advisory tab for the Cross-Site Scripting issue.
Severity: High
Type: Application-level test
WASC Threat Classification: Client-side Attacks
CVE Reference(s):
Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.
Possible Causes: Sanitation of hazardous characters was not performed correctly on user input.
Technical Description: explains that the site contains a script that returns a user's input (usually a parameter value) in an HTML page without sanitizing it, so a link carrying malicious JavaScript in that parameter runs in the victim's browser in the site's context, with access to the user's cookies for the site; the attacker only has to lure the user into clicking the link. The right-hand part of the description is cut off in the screenshot.]





Advisory Tab

This view shows the AppScan Advisory, which may include: Test
Name, Security Risks posed by this vulnerability, Possible Causes
of why the application is susceptible, Affected Products for
infrastructure issues, a Technical Description which explains
what the issue is and how AppScan tests for it, and additional
References for further information.
__f. Review the Fix Recommendation information

[Screenshot: Fix Recommendation tab.
General: There are several issues whose remediation lies in sanitizing user input. By verifying that user input does not contain hazardous characters, it is possible to prevent malicious users from causing your application to execute unintended operations, such as launching arbitrary SQL queries, embedding JavaScript code to be executed on the client side, running various operating system commands, etc.
It is advised to filter out all the following characters:
[1] | (pipe sign)
[2] & (ampersand sign)
[3] ; (semicolon sign)
[4] $ (dollar sign)
[5] % (percent sign)
[6] @ (at sign)
[7] ' (single apostrophe)
[8] " (quotation mark)
[9] \' (backslash-escaped apostrophe)
[10] \" (backslash-escaped quotation mark)
[11] <> (triangular parenthesis)
[12] () (parenthesis)
[13] + (plus sign)
[14] CR (Carriage return, ASCII 0x0d)
The list continues below the visible area of the screenshot.]

__g. Review the Request/Response tab

[Screenshot: Request/Response tab (Variant 1 of 1; Original / Test). Buttons: Show in Browser, Report False Positive, Manual Test, Delete Variant, Set as Non-vulnerable.
Test request, as legible in the screenshot:
POST /bank/login.aspx HTTP/1.1
Content-Length: 95
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; ...)
Host: www.altoromutual.com
Content-Type: application/x-www-form-urlencoded
Referer: http://www.altoromutual.com/bank/login.aspx

uid=>"><script>alert("Watchfire%20XSS%20Test%20Successful")</script>&passw=Demo1234&btnSubmit=Login

Response:
HTTP/1.1 200 OK
Set-Cookie: ASP.NET_SessionId=...; path=/; HttpOnly
Set-Cookie: amSessionId=...; path=/
Date: ... 14:52:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cookie values and the full User-Agent are illegible in the screenshot. Note that the ASP.NET session cookie carries HttpOnly while amSessionId does not, so the latter is readable by injected script.]


Request/Response tab

Shows the original traffic and the specific test that AppScan sent
to the application, and its response. (Can be viewed as HTML or
in a Browser.)

For the test traffic, AppScan highlights in RED what was injected
into the HTTP request to test for the issue in question. This
information can also be found by looking at the DIFFERENCE
header in the Details panel on the far right side. Below the
DIFFERENCE heading can be found the REASONING header,
which explains why AppScan determined there is an issue. The
"ab>" button, to the right of the Original button, can be used to find the
information within the HTTP response that triggered AppScan to
determine this to be an issue. This information is highlighted in
yellow.
__h. Review the information on the Variant Details tab

[Screenshot: Variant Details tab (next to the Screenshot and Comments tabs).
ID: 7650
Difference: The following changes were applied to the original request:
• Injected '>"><script>alert("Watchfire%20XSS%20Test%20Successful")</script>' into parameter 'uid's value
Reasoning: The test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site Scripting attack.]

Variant Details

Variants: If there are variants (different parameters that
were sent to the same URL), they can be viewed by
clicking the < and > buttons at the top of the tab.

Three tabs to the right of this tab let you view Variant
Details, and let you add a Screenshot and Comments that
will be saved with the scan results.
__i. Click Show in Browser

Show in Browser renders the HTTP response in a browser.





__j. Click OK if the following window appears

In this case Show in Browser demonstrates that this web application has
a Cross-Site Scripting vulnerability: the injected script runs and raises the alert.

[Screenshot: Microsoft Internet Explorer alert box: "Watchfire XSS Test Successful"]








__k. Review the rendered page and close the browser

[Screenshot: Online Banking Login page, "Login Failed - Invalid Username". The Username field shows the injected value breaking out of the input's value attribute: > " style="width: 150px;">]
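What AppScan did in steps g through k, as an added example that is not part of the lab and not AppScan code: a small Python probe sends the same test variant to a constructed stand-in for /bank/login.aspx, applies the same reasoning (was the script embedded unmodified in the response?), and then re-tests a hardened version that HTML-encodes uid at the point of output, which is what the right-click Re-test option does after a fix. The page markup, the login_page_* functions and the use of plain spaces where AppScan's Difference text shows %20 are assumptions; uid, passw, btnSubmit and Demo1234 are taken from the lab. Encoding each output context is the durable fix; the character blacklist in the Fix Recommendation blocks this payload but is context-blind.

```python
# Added example, not part of the lab and not AppScan code: a reflected-XSS probe that
# repeats AppScan's test variant against a constructed stand-in for /bank/login.aspx.
import html
from urllib.parse import urlencode

# The value AppScan injected into 'uid' (from the Variant Details "Difference" text).
XSS_PAYLOAD = '>"><script>alert("Watchfire XSS Test Successful")</script>'
# The fragment that must come back unmodified for the script to execute.
SCRIPT_TAG = '<script>alert("Watchfire XSS Test Successful")</script>'


def _login_html(uid_value):
    """Constructed markup for the login page; the real page's HTML is an assumption."""
    return (
        "<h1>Online Banking Login</h1>"
        "<p>Login Failed - Invalid Username</p>"
        '<form method="post" action="/bank/login.aspx">'
        f'Username: <input name="uid" value="{uid_value}" style="width: 150px;">'
        'Password: <input name="passw" type="password">'
        "</form>"
    )


def login_page_vulnerable(form):
    """Echoes uid straight into the value attribute: the defect AppScan reported."""
    return _login_html(form.get("uid", ""))


def login_page_fixed(form):
    """HTML-attribute-encodes uid at the point of output. Encoding per output context is
    the durable fix; the character blacklist in the Fix Recommendation is context-blind."""
    return _login_html(html.escape(form.get("uid", ""), quote=True))


def build_test_request(payload=XSS_PAYLOAD):
    """The POST body AppScan sent: the form fields and their URL-encoded wire form."""
    form = {"uid": payload, "passw": "Demo1234", "btnSubmit": "Login"}
    return form, urlencode(form)


def probe_reflected_xss(handler, payload=XSS_PAYLOAD):
    """Send the test variant and apply AppScan's Reasoning: the script tag has to be
    present byte-for-byte; an encoded copy (&lt;script&gt;) is inert and does not count."""
    form, _wire = build_test_request(payload)
    response = handler(form)
    reflected = SCRIPT_TAG in response
    reasoning = ("The test successfully embedded a script in the response"
                 if reflected else "The injected script was not reflected executably")
    return {"vulnerable": reflected, "reasoning": reasoning, "response": response}


if __name__ == "__main__":
    # Re-test after the fix, as the right-click Re-test option would.
    for name, handler in (("vulnerable", login_page_vulnerable), ("fixed", login_page_fixed)):
        result = probe_reflected_xss(handler)
        print(f"{name}: vulnerable={result['vulnerable']} ({result['reasoning']})")
```

The check is deliberately strict: only a byte-for-byte copy of the script tag counts, because an encoded copy such as &lt;script&gt; is rendered as text and never executes, which is exactly the distinction AppScan's Reasoning draws.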
6.4 Generate Defect


__1. Select the issue, right-click it, and select Log Defect to ClearQuest


[Screenshot: right-click menu on the Cross-Site Scripting issue for http://www.altoromutual.com/bank/login.aspx: Re-test, Manual Test, Delete, Set as Non-vulnerable, Copy URL, Show in Browser, Report False Positive, Log Defect to ClearQuest.]


Right-click menu options

• Re-Test allows you to send the same HTTP request to the
application in order to see if the test still comes back as
vulnerable. Normally this is used to check whether a
vulnerability has been fixed without rerunning the entire
scan.

• Manual Test allows you to do further testing. Clicking
on it will bring up the HTTP request editor with the current
test as the test template. You may then edit the request
and send it to the application.

• Delete will delete the issue from the scan (if you want to
keep the issue, but not have it appear in the report,
choose Set as Non-vulnerable).

• Set as Non-vulnerable allows you to mark the test as
non-vulnerable but keeps the test in the non-vulnerable
store, which can be viewed by going to Scan -> Non-
Vulnerable Variants.

• Copy URL copies the URL to the clipboard.

• Report False Positive allows you to report this finding to
Watchfire support if you do not agree with it.
Watchfire support will work with the security team to
research whether this is a false positive. If it is a false
positive they will update the validation rules, which are
distributed by the daily update mechanism.
__2. Enter the defect information
6.5 Perform Remediation


__3. Select Remediation Tasks in the View Selector


[Screenshot: View Selector with Remediation Tasks selected.]
Remediation Tasks 


Provides a To Do list of specific remediation tasks to fix the 
issues that were found during the scan. 


__4. Review the list of Remediation Tasks


[Screenshot: 47 Remediation Tasks for 'My Application':
Change the login credentials to a stronger combination [1]
Contact the vendor of your product to see if a patch or update has been made available recently [3]
Ensure that accessed files reside in the virtual path and have certain extensions; remove special characters from user input [1]
Filter out hazardous characters from user input [11]
Install the ASP.NET ValidatePath module, or read and implement the referenced Microsoft Security Bulletin [1]
Encrypt login requests [7]
Modify the server configuration to deny directory listing, and install the latest security patches available [1]
Remove any unneeded files from the virtual directory [1]
Always use the HTTP POST method when sending sensitive information [2]

Detail pane for "Change the login credentials to a stronger combination":
This remediation task is designed to address the following security issues: [1] Predictable Login Credentials
Details: Easy to predict credentials (such as admin+admin, guest+guest, test+test, etc.) should not be used, because they could easily be guessed, giving unwanted users entry to the application.]

Remediation Tasks

Details of how to remediate each task will appear in the details
pane (bottom section) when the task is selected.
__5. Select the task Filter out hazardous characters from user input and expand the login.aspx
entry


[Screenshot: 47 Remediation Tasks for 'My Application':
Ensure that accessed files reside in the virtual path and have certain extensions; remove special c...
Filter out hazardous characters from user input [11]
    http://www.altoromutual.com/ [2]
    http://www.altoromutual.com/comment.aspx [1]
    http://www.altoromutual.com/search.aspx [1]
    http://www.altoromutual.com/bank/account.aspx [1]
    http://www.altoromutual.com/bank/customize.aspx [1]
    http://www.altoromutual.com/bank/login.aspx [2]
        passw
        uid

Detail pane:
This remediation task is designed to address the following security issues:
[1] Cross-Site Scripting
[2] SQL Injection
[3] Blind SQL Injection
[4] Login Page SQL Injection
Details (cut off in the screenshot)]


Remediation Tasks

Note the uid parameter that we saw earlier: by completing this
remediation task for uid we address four security issues.
Remediation Tasks provide an efficient mechanism for fixing the
vulnerabilities that were found in the application.
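The task above groups the uid parameter's Cross-Site Scripting finding with three SQL injection findings. As an added example that is not from the lab or from AppScan, the following Python shows the Login Page SQL Injection side of the same parameter on a constructed in-memory SQLite stand-in for the Altoro login: a query built by concatenating uid is bypassed with a quote and a comment that remove the password check, while the parameterised version treats the same input as an ordinary (non-matching) username. The table layout, the second account, the plain-text password column and the probe value are assumptions; jsmith/Demo1234 are the lab's demo credentials, and the exact string AppScan sends is not shown on the page.

```python
# Added example, not part of the lab and not AppScan code: the Login Page SQL Injection
# side of the uid parameter, on a constructed in-memory SQLite stand-in for the Altoro login.
import sqlite3


def make_db():
    """Constructed user table. jsmith/Demo1234 are the lab's demo credentials; the second
    account and the plain-text password column exist only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("jsmith", "Demo1234"), ("admin", "not-the-real-one")])
    conn.commit()
    return conn


def login_vulnerable(conn, uid, passw):
    """Concatenates uid and passw into the SQL text, so they can rewrite the query."""
    sql = (f"SELECT username FROM users WHERE username = '{uid}' "
           f"AND password = '{passw}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, uid, passw):
    """Binds uid and passw as parameters; the query text is fixed and the values are data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (uid, passw),
    ).fetchone()
    return row[0] if row else None


# A probe value in the spirit of AppScan's login tests (assumption; the exact string AppScan
# sends is not on the page): the quote closes the literal and '--' comments out the password check.
INJECTED_UID = "jsmith' --"


def probe_login_sqli(login, conn, uid=INJECTED_UID):
    """A login that succeeds with a wrong password proves uid reached the query unescaped."""
    try:
        who = login(conn, uid, "wrong-password")
    except sqlite3.Error:
        who = None  # a SQL error is worth reporting too, but it is not a bypass
    return {"vulnerable": who is not None, "authenticated_as": who}


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("fixed", login_fixed)):
        print(name, probe_login_sqli(fn, db))
```

Stripping the apostrophe, as the Fix Recommendation's character list suggests, would defeat this particular probe, but parameter binding removes the whole class of problem regardless of which characters an attacker finds a way to smuggle in.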
6.6 Create Summary Report





__1. In the window toolbar select the Report icon
__2. Review the Available Reports


__a. Security Report

[Screenshot: Create Report dialog, tabs Security Report | Industry Standard | Regulatory Compliance | Delta Analysis; Report Type | Layout.
Template: Executive Summary
Min. Severity: Informational    Test Type: All
Report Content:
[x] Executive Summary (Entire Scan)
[ ] Security Issues
    [ ] Variants
        [ ] Request/Response
        [ ] User Comments
        [ ] Show Validation in Response
        [ ] Screenshots
    [ ] Advisories and Fix Recommendations
        [ ] .NET
        [ ] J2EE
[ ] Remediation Tasks
[ ] Application Data
    [ ] Application URLs
    [ ] Script Parameters
    [ ] Broken Links
    [ ] Comments
    [ ] JavaScripts
    [ ] Cookies]

Security Report

The Security Report reports on the security
vulnerabilities found in the scan. There are six report
templates:

• Executive Summary: A statistical summary formatted as
tables and charts.

• Detailed: Includes full details in addition to the
Executive Summary.

• Remediation: Lists the remediation tasks required to
resolve the discovered vulnerabilities.

• Developer: Lists Issues, Remediation Tasks and
Application Data.

• QA: Lists Advisory and Fix Recommendations,
Application Data and Visited URLs.

• Site Inventory: Lists Visited URLs and Application
Data.


__b. Industry Standard

[Screenshot: Create Report dialog, Industry Standard tab. Industry Standard Report Template:
SANS Top 20 V5
SANS Top 20 V6
WASC Threat Classification
The Payment Card Industry Data Security Standard (PCI)
NERC CIPC Electricity Sector Security Guidelines
International Standard - ISO 17799
International Standard - ISO 27001]





Industry Standard Report

Lets you know if your application complies with the
standards of a selected industry committee (such as
OWASP Top 10, SANS Top 20, WASC Threat
Classification, PCI).

You can create and check compliance with your own
custom standards checklist.
__c. Regulatory Compliance

[Screenshot: Create Report dialog, Regulatory Compliance tab. Regulatory Compliance Report Template:
[EU] European Directive 1995/46/EC
[EU] European Directive 2002/58/EC
[JAPAN] Japan's Personal Information Protection Act
[UK] Data Protection Act
[US] California Assembly Bill No. 1950 and Senate Bill 1386
[US] Children's Online Privacy Protection Act (COPPA)
[US] DCID 6/3 Availability Basic
[US] DCID 6/3 Availability High
[US] DCID 6/3 Availability Medium
[US] DCID 6/3 Confidentiality Reqs Protection Level 1
[US] DCID 6/3 Confidentiality Reqs Protection Level 2
[US] DCID 6/3 Confidentiality Reqs Protection Level 3
[US] DCID 6/3 Confidentiality Reqs Protection Level 4
[US] DCID 6/3 Confidentiality Reqs Protection Level 5
[US] DCID 6/3 Integrity Basic
[US] DCID 6/3 Integrity High
(list continues below the visible area)]




Regulatory Compliance Report

The Regulatory Compliance reports let you know if your
application complies with a large choice of regulations or
legal standards (such as HIPAA, GLBA, COPPA, SOX,
California SB 1386 and AB 1950, and European
Directive 1995/46/EC).

You can create and check compliance with your own
custom Regulatory Compliance template.
__d. Delta Analysis

[Screenshot: Create Report dialog, Delta Analysis tab.]

Delta Analysis Report

Compares two sets of scan results and shows the
difference in URLs and/or security issues discovered.
__3. Select the Security Report button and select Preview button







__4. Review each of the six pages displayed to see the executive summary report of the scan 


__5. Close the Report 


__6. Select Close button to close the Report Window 